CVE-2016-0861

Опубликовано: 05 фев. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.

Ссылки

http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdf
Vendor Advisory
http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html
http://seclists.org/fulldisclosure/2016/Feb/21
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/39408/
http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdf
Vendor Advisory
http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html
http://seclists.org/fulldisclosure/2016/Feb/21
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/39408/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ge:ups_snmp_web_adapter_firmware:*:*:*:*:*:*:*:*

Версия до 4.7 (включая)

EPSS

Процентиль: 93%

0.1006

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-78mv-6rfc-wcg4